You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@whimsical.apache.org by sebb <se...@gmail.com> on 2015/12/03 23:15:39 UTC
Cross site Javascript access to public json files
I have been trying to integrate the public/committee-info.json and
public/member-info.json files into a the Javascript used by the new
Apache Phone Book [1]. Unfortunately it appears that Javascript cannot
be used to download files except from the same origin.
Whilst it would be possible to copy the files locally as part of a
cron job or as part of a CGI script, that seems a bit
unnecessary/wasteful if direct access can be arranged.
AFAICT, access can be enabled by using the server header
Access-Control-Allow-Origin: *
Would it be possible to add this to the responses sent when GETting
the public/* json files?
Or are there good reasons for not enabling the ACAO header here?
[1] http://home.apache.org/phonebook.html
Re: Cross site Javascript access to public json files
Posted by Sam Ruby <ru...@intertwingly.net>.
On Thu, Dec 3, 2015 at 5:45 PM, sebb <se...@gmail.com> wrote:
> On 3 December 2015 at 22:33, Sam Ruby <ru...@intertwingly.net> wrote:
>> On Thu, Dec 3, 2015 at 5:15 PM, sebb <se...@gmail.com> wrote:
>>> I have been trying to integrate the public/committee-info.json and
>>> public/member-info.json files into a the Javascript used by the new
>>> Apache Phone Book [1].
>>
>> Excellent!
>
> Though it is yet another app that displays similar info ...
That doesn't bother me. At the moment, roster has more function
(e.g., shows email addresses and can be used to navigate to PMC data)
and access is limited to committers.
- Sam Ruby
Re: Cross site Javascript access to public json files
Posted by sebb <se...@gmail.com>.
On 3 December 2015 at 22:33, Sam Ruby <ru...@intertwingly.net> wrote:
> On Thu, Dec 3, 2015 at 5:15 PM, sebb <se...@gmail.com> wrote:
>> I have been trying to integrate the public/committee-info.json and
>> public/member-info.json files into a the Javascript used by the new
>> Apache Phone Book [1].
>
> Excellent!
Though it is yet another app that displays similar info ...
>> Unfortunately it appears that Javascript cannot
>> be used to download files except from the same origin.
>>
>> Whilst it would be possible to copy the files locally as part of a
>> cron job or as part of a CGI script, that seems a bit
>> unnecessary/wasteful if direct access can be arranged.
>>
>> AFAICT, access can be enabled by using the server header
>>
>> Access-Control-Allow-Origin: *
>>
>> Would it be possible to add this to the responses sent when GETting
>> the public/* json files?
>
> Committed revision 974450
Excellent!
>> Or are there good reasons for not enabling the ACAO header here?
>
> None that I can think of. This data is meant to be truly public.
>
>> [1] http://home.apache.org/phonebook.html
>
> - Sam Ruby
Re: Cross site Javascript access to public json files
Posted by Sam Ruby <ru...@intertwingly.net>.
On Thu, Dec 3, 2015 at 5:15 PM, sebb <se...@gmail.com> wrote:
> I have been trying to integrate the public/committee-info.json and
> public/member-info.json files into a the Javascript used by the new
> Apache Phone Book [1].
Excellent!
> Unfortunately it appears that Javascript cannot
> be used to download files except from the same origin.
>
> Whilst it would be possible to copy the files locally as part of a
> cron job or as part of a CGI script, that seems a bit
> unnecessary/wasteful if direct access can be arranged.
>
> AFAICT, access can be enabled by using the server header
>
> Access-Control-Allow-Origin: *
>
> Would it be possible to add this to the responses sent when GETting
> the public/* json files?
Committed revision 974450
> Or are there good reasons for not enabling the ACAO header here?
None that I can think of. This data is meant to be truly public.
> [1] http://home.apache.org/phonebook.html
- Sam Ruby